MPLS installations

MPLS configuration in Stanalone mode

In standalone mode (no peered Mushroom device in cloud or datacenter) you will connect the MPLS circuit in passthrough mode on WAN1, so your existing subnet on MPLS will be routed through Mushroom device. A few settings are required for your remote MPLS subnets that should be bound on WAN1 when leaving from Mushroom device:

Set ‘Interface Binding’ rules on Advanced page on Mushroom’s user interface for Remote subnets, e.g will be bound on WAN1.

Using ‘Interface Binding’ rule traffic can also be routed traffic outside of existing MPLS WAN1 circuit using broadband internet lines. E.g you can choose all https and http traffic to use WAN2 circuit that are outside of private MPLS subnets. The advantage of this would be to use time sensitive traffic using MPLS circuit and data intensive traffic on broadband Internet lines.


MPLS configurations in Peered mode

In this scenario a Virtual Leased Line (VLL) connection is setup between local and remote Mushroom devices (e.g remote site and headquarter). Existing WAN1 connection on Firewall can be set in passthrough mode as in the standalone setup, so no changes on Firewall would be required. Once the outgoing traffic reaches mushroom it will utilize all the links(MPLS+Internet links) and using multiple path will send traffic to the other end Mushroom device. The advantage of including Internet circuit with the MPLS line is to increase bandwidth (as the cost to increase MPLS bandwidth could be high). Also this would have a built in failover in case the MPLS circuit goes down all traffic would still be seamlessly routed using aggregated broadband internet lines. 

You may also choose to have MPLS outside of Virtual leased line directly connected to Firewall. A policy route is setup on Firewall for failover when MPLS cirucuit is down then Firewall uses WAN2 circuit or have policy route setup on Firewall to route some of the traffic through internet lines using WAN2 on Firewall. In case of MPLS failover Firewall have an existing VPN connections to remote sites. So when MPLS circuit fails Firewall would route all VPN traffic through WAN2 connection (using Internet line) which is routed through Mushroom (advantage here is Mushroom can utilize multiple links and aggregate VPN traffic) using all WAN connections. 


